Fix: MFA

backend/src/server/routes/v2/mfa-router.ts

@@ -68,12 +68,15 @@ export const registerMfaRouter = async (server: FastifyZodProvider) => {
     },
     handler: async (req, res) => {
       const userAgent = req.headers["user-agent"];
+      const mfaJwtToken = req.headers.authorization?.replace("Bearer ", "");
       if (!userAgent) throw new Error("user agent header is required");
+      if (!mfaJwtToken) throw new Error("authorization header is required");
       const appCfg = getConfig();
 
       const { user, token } = await server.services.login.verifyMfaToken({
         userAgent,
         ip: req.realIp,
+        mfaJwtToken,
         userId: req.mfa.userId,
         orgId: req.mfa.orgId,
         mfaToken: req.body.mfaToken

backend/src/services/auth/auth-login-service.ts

@@ -314,14 +314,14 @@ export const authLoginServiceFactory = ({
    * Multi factor authentication verification of code
    * Third step of login in which user completes with mfa
    * */
-  const verifyMfaToken = async ({ userId, mfaToken, ip, userAgent, orgId }: TVerifyMfaTokenDTO) => {
+  const verifyMfaToken = async ({ userId, mfaToken, mfaJwtToken, ip, userAgent, orgId }: TVerifyMfaTokenDTO) => {
     await tokenService.validateTokenForUser({
       type: TokenType.TOKEN_EMAIL_MFA,
       userId,
       code: mfaToken
     });
 
-    const decodedToken = jwt.verify(mfaToken, getConfig().AUTH_SECRET) as AuthModeMfaJwtTokenPayload;
+    const decodedToken = jwt.verify(mfaJwtToken, getConfig().AUTH_SECRET) as AuthModeMfaJwtTokenPayload;
 
     const userEnc = await userDAL.findUserEncKeyByUserId(userId);
     if (!userEnc) throw new Error("Failed to authenticate user");

backend/src/services/auth/auth-login-type.ts

@@ -17,6 +17,7 @@ export type TLoginClientProofDTO = {
 export type TVerifyMfaTokenDTO = {
   userId: string;
   mfaToken: string;
+  mfaJwtToken: string;
   ip: string;
   userAgent: string;
   orgId?: string;